Protection Website

Website protection concerns the cyber resilience of the website.

Technology

  • Platform used: which technology the site runs on, e.g. WordPress, Drupal, PHP, ...
  • Patch frequency: how often patches are applied to the site
  • Vulnerability scanning: automatic or manual testing of the website against industry standards such as NIST 800-53
  • KPIs defined on the basis of cyber security

Cookie flags

Industry-standard cookie settings, so that unauthorized access to the cookie information is not possible.

The following items are configured for the site's own cookies:

  • HTTP only flag
  • Secure flag
  • SameSite flag
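As an added example (not part of the original checklist), the script below audits Set-Cookie headers for the three flags listed above. The headers it checks are constructed sample values, not output from any real site, and the parser is a deliberately small one written for this example.

```python
# Added example: audit Set-Cookie headers for the HttpOnly, Secure and
# SameSite flags. The sample headers are constructed for this example.

SAMPLE_HEADERS = [
    # weak: the session cookie carries none of the three flags
    "session=3f9a1c; Path=/",
    # hardened: all three flags present
    "session=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Strict",
    # SameSite=None is only honoured by browsers when Secure is also set
    "tracker=abc; SameSite=None",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (cookie name, attributes).

    Attributes are keyed by their lower-cased name; bare flags such as
    HttpOnly map to True, valued attributes such as SameSite=Lax map to
    their value.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name, attrs


def audit_set_cookie(header):
    """Return the list of findings (empty when all three flags are fine)."""
    _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable by page scripts")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie also sent over plain HTTP")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite: cookie sent on cross-site requests")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: modern browsers reject the cookie")
    return findings


def audit_all(headers):
    """Audit a list of headers; returns (cookie name, findings) per header."""
    return [(parse_set_cookie(h)[0], audit_set_cookie(h)) for h in headers]


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS):
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name:10s} {status}")
```

Run it against the headers a site actually returns (for instance copied from the browser's network panel) to see which cookies still lack a flag; only the first sample header is the kind of finding that needs follow-up, the second passes cleanly.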

Availability website

What is the agreed availability of the website?

Service level agreement or SLA

Over a certain period (usually one year):

How many hours in total may the website be unavailable?

This is expressed as a percentage.

Beware when estimating percentages. Take the example of a shop that normally must be available 24/7 throughout the year.

Basic operating time: 365 x 24 h = 8,760 hours

  • SLA 95% means 5% downtime, or 438 hours or 18.25 days of downtime
  • 97.5% means 2.5% downtime, or 219 hours or 9.125 days of downtime
  • 99% means 1% downtime, or 87.6 hours or 3.65 days of downtime
  • 99.9% means 0.1% downtime, or 8.76 hours or 0.365 days of downtime
  • 99.99% means 0.01% downtime, or 0.876 hours or 0.0365 days of downtime
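The table above is easy to get wrong when done by hand (note the mix of hours and days in each line), so here is an added example, not part of the original page, that computes the permitted downtime for any SLA percentage over any period, and the inverse: which availability a measured amount of downtime corresponds to. It uses Decimal arithmetic so that the figures come out exactly as in the table rather than as floating-point approximations.

```python
# Added example: SLA percentage <-> permitted downtime, using the 24/7 shop
# from the text (365 x 24 h = 8,760 hours) as the default period.
from decimal import Decimal

HOURS_PER_YEAR = Decimal(365) * 24  # 8,760 hours, the basic operating time


def allowed_downtime(sla_percent, period_hours=HOURS_PER_YEAR):
    """Return (hours, days) of downtime an SLA percentage permits over the period."""
    sla = Decimal(str(sla_percent))
    if not 0 <= sla <= 100:
        raise ValueError("SLA must be a percentage between 0 and 100")
    hours = (100 - sla) * period_hours / 100
    return hours, hours / 24


def sla_table(levels=("95", "97.5", "99", "99.9", "99.99")):
    """The rows of the table above: (SLA %, downtime hours, downtime days)."""
    return [(lvl, *allowed_downtime(lvl)) for lvl in levels]


def achieved_sla(downtime_hours, period_hours=HOURS_PER_YEAR):
    """Inverse: the availability percentage reached after the given downtime."""
    return 100 - Decimal(str(downtime_hours)) * 100 / period_hours


if __name__ == "__main__":
    for lvl, hours, days in sla_table():
        print(f"SLA {lvl:>6}%  ->  {hours:>8} h  =  {days:>8} days")
    # a single 12-hour outage in the year still leaves a 99.86% availability
    print(f"12 h of downtime -> {achieved_sla(12):.2f}% availability")
```

Passing a different period_hours (for example 30 x 24 for a monthly SLA) shows how much shorter the allowed outage becomes when the same percentage is measured per month instead of per year.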

Logically, the more demanding the SLA requested, the higher the support will be.

Recovery Point Objective or RPO

The recovery point objective, or recovery point, is the maximum amount of information that may be lost in an incident.

For a recovery of the service, it states how much data, expressed in time, you must re-enter or regenerate at the source.

In many cases this comes down to the longest period between backups.

For example, if a backup is taken every day at midnight, the RPO =

However, if other techniques such as hourly snapshots are applied, and the provider takes the necessary precautions to be sufficiently protected against loss, you may have an RPO of one hour.

Recovery To Operations or RTO

Return to Operations is the maximum time that a single incident may last.

It is usually expressed in hours.

An RTO of, for example, 2 hours means the supplier will ensure that an outage or incident affects normal operational service for no more than two hours.

Here you must be careful to also give a specific definition of what a normal operational service is.

An example of this is:

  • Log on to the web shop
  • Searching for an article
  • Add items to shopping cart
  • Checkout shopping cart
  • The formalities, such as issuing order confirmations and invoices

Last modified: Thursday, 31 December 2020, 2:59 PM